On Tue, Sep 12, 2006 at 06:21:44PM -0700, Mike Garfias wrote:
> I have never seen a compelling reason to run chrooted.
Exposed services always have vulnerabilities. Maybe none that are known
right now, but they're in there. Chroot can mitigate the damage when/if
somebody exploits a hole. Not picking on postfix here. It's just a Good
Idea(tm) where it's practical. And, really, it ain't that hard to move a
few things into a chroot.
> And it makes things much easier when you start extending the system.
Security v. convenience is an old battle. Security usually loses.
--
Darrin Chandler | Phoenix BSD Users Group
dwchandler@stilyagin.com | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)